UseOpenIdConnectServer не работает

Я только что обновил своё приложение Web API на .NET Core с netcoreapp1.0 до netcoreapp2.0. Я использую OpenIddict для аутентификации и авторизации на основе этого примера.

Метод ConfigureServices:

        /// <summary>
        /// Registers CORS, MVC, the EF Core context, ASP.NET Core Identity, OpenIddict and the
        /// OAuth validation handler with the dependency injection container.
        /// </summary>
        /// <param name="services">Collection that receives the service registrations.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors();

            // Swap MVC's JSON contract resolver for Json.NET's DefaultContractResolver.
            services.AddMvc().AddJsonOptions(json =>
                json.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver());

            services.AddDbContext<ApplicationDbContext>(db =>
            {
                // NOTE(review): the SQL Server login and password are embedded in source, so they travel
                // with version control and build output. Load the connection string from configuration
                // or a secret store and give the account only the rights the application needs.
                db.UseSqlServer(@"Server=SERVER1;Database=DB1;User Id=BLAHBLAH;Password=BLAHBLAHBLAH;");

                // Registers the OpenIddict entities with this context.
                db.UseOpenIddict();
            });

            var identityBuilder = services.AddIdentity<ApplicationUser, IdentityRole>();
            identityBuilder.AddEntityFrameworkStores<ApplicationDbContext>();
            identityBuilder.AddDefaultTokenProviders();

            // Have Identity use the claim types named by OpenIdConnectConstants.Claims.
            services.Configure<IdentityOptions>(identityOptions =>
            {
                var claimTypes = identityOptions.ClaimsIdentity;
                claimTypes.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
                claimTypes.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
                claimTypes.RoleClaimType = OpenIdConnectConstants.Claims.Role;
            });

            services.AddOpenIddict(openIddict =>
            {
                openIddict.AddEntityFrameworkCoreStores<ApplicationDbContext>();
                openIddict.AddMvcBinders();
                openIddict.EnableTokenEndpoint("/connect/token");

                // Password flow: the client posts the user's credentials to /connect/token.
                openIddict.AllowPasswordFlow();

                // NOTE(review): with the HTTPS requirement disabled, those credentials and the issued
                // tokens can cross the network in clear text. Keep this for local development only
                // and require TLS everywhere else.
                openIddict.DisableHttpsRequirement();

                // Short-lived access tokens limit how long a leaked token stays usable.
                openIddict.SetAccessTokenLifetime(TimeSpan.FromMinutes(5));
            });

            // Validates the access tokens presented to the API.
            services.AddAuthentication().AddOAuthValidation();
        }

Метод Configure:

        /// <summary>
        /// Builds the request pipeline: logging, CORS, the OpenID Connect server middleware,
        /// authentication and MVC, in that order.
        /// </summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        /// <param name="env">Hosting environment (not read by this method).</param>
        /// <param name="loggerFactory">Factory that receives the console and debug loggers.</param>
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            var loggingSection = Configuration.GetSection("Logging");
            loggerFactory.AddConsole(loggingSection);
            loggerFactory.AddDebug();

            // NOTE(review): this policy lets any origin call the API with any header and method.
            // For an API that issues and accepts tokens, list the trusted origins explicitly.
            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());

            // This is the call the compiler rejects after the move to netcoreapp2.0.
            app.UseOpenIdConnectServer(server =>
            {
                // NOTE(review): allows token requests over plain HTTP; development only.
                server.AllowInsecureHttp = true;
                server.Provider = new AuthorizationProvider();
            });

            // Authentication runs before MVC so the caller's identity is known when actions execute.
            app.UseAuthentication();
            app.UseMvc();
        }

Класс AuthorizationProvider:

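    /// <summary>
    /// OpenID Connect server provider that adds the user's role, user name and two timestamp
    /// fields to every successful token response.
    /// </summary>
    public sealed class AuthorizationProvider : OpenIdConnectServerProvider
    {
        // Layout used for the ".issued" and ".expires" response fields.
        private const string TimestampFormat = "ddd, dd MMM yyyy HH:mm:ss 'GMT'";

        public AuthorizationProvider()
        {
        }

        /// <summary>
        /// Adds "role", "userName", ".issued" and ".expires" to a successful token response.
        /// Error responses are left untouched.
        /// </summary>
        /// <param name="context">Context carrying the ticket and the outgoing response.</param>
        /// <returns>A completed task; the method does no asynchronous work.</returns>
        public override Task ApplyTokenResponse(ApplyTokenResponseContext context)
        {
            if (!string.IsNullOrEmpty(context.Error))
            {
                return Task.CompletedTask;
            }

            // A principal without a role or name claim used to throw NullReferenceException here,
            // turning a valid token request into a server error. Missing claims are now skipped.
            var claims = context.Ticket?.Principal?.Claims;
            var role = claims?.FirstOrDefault(q => q.Type == OpenIdConnectConstants.Claims.Role)?.Value;
            var userName = claims?.FirstOrDefault(q => q.Type == OpenIdConnectConstants.Claims.Name)?.Value;

            // NOTE(review): these fields are convenience data for the client. Authorization decisions
            // on the API side must come from the validated token, not from values echoed here.
            if (role != null)
            {
                context.Response["role"] = role;
            }

            if (userName != null)
            {
                context.Response["userName"] = userName;
            }

            // Take one UTC reading and format it with the invariant culture so that the day and
            // month names do not change with the server's locale or a daylight-saving shift.
            var issuedUtc = DateTime.UtcNow;
            var invariant = System.Globalization.CultureInfo.InvariantCulture;
            context.Response[".issued"] = issuedUtc.ToString(TimestampFormat, invariant);

            // NOTE(review): the 8-hour value is hard-coded and is not derived from the lifetime of
            // the token actually issued; a client that trusts it may keep using an expired token.
            context.Response[".expires"] = issuedUtc.AddHours(8).ToString(TimestampFormat, invariant);

            return Task.CompletedTask;
        }
    }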

Следующий код не работает:

// Middleware-style registration that no longer compiles after the move to netcoreapp2.0.
app.UseOpenIdConnectServer(server =>
{
    // NOTE(review): permits token requests over plain HTTP; acceptable for local development only.
    server.AllowInsecureHttp = true;
    server.Provider = new AuthorizationProvider();
});

Компилятор сообщает, что "IApplicationBuilder" не содержит определения для "UseOpenIdConnectServer" и не удалось найти метод расширения "UseOpenIdConnectServer", принимающий первый аргумент типа "IApplicationBuilder" (возможно, пропущена директива using или ссылка на сборку?)

Как мне решить это? Какой альтернативный способ добавить пользовательский поставщик?

3 ответа

Согласно странице github с примерами

Правильный способ сделать это в Startup.cs следующий (привожу свой пример кода для справки; вы можете переработать его под свои нужды). Этот код должен находиться внутри метода ConfigureServices:

// The "ServerCookie" cookie scheme is the default scheme for the application.
var authentication = services.AddAuthentication(auth => auth.DefaultScheme = "ServerCookie");

authentication.AddCookie("ServerCookie", cookie =>
{
    cookie.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie";
    cookie.ExpireTimeSpan = TimeSpan.FromMinutes(5);
    cookie.LoginPath = new PathString("/login");
    cookie.LogoutPath = new PathString("/logout");
});

// Validates the access tokens presented to the API.
authentication.AddOAuthValidation();

authentication.AddOpenIdConnectServer(server =>
{
    // The provider is resolved from the container, hence the AddScoped registration at the end.
    server.ProviderType = typeof(AuthorizationProvider);

    // Authorization, logout, token and userinfo endpoints.
    server.AuthorizationEndpointPath = "/connect/authorize";
    server.LogoutEndpointPath = "/connect/logout";

    // NOTE(review): "/Login" differs from the cookie LoginPath "/login" only by case, and
    // PathString comparison ignores case, so both handlers appear to claim the same path.
    // Confirm this is intended; the sample's own value was "/connect/token".
    server.TokenEndpointPath = new PathString("/Login");
    server.UserinfoEndpointPath = "/connect/userinfo";

    // See AuthorizationController.cs in the sample for what ApplicationCanDisplayErrors implies.
    server.ApplicationCanDisplayErrors = true;

    // NOTE(review): accepts authorization and token requests over plain HTTP. Development only;
    // leave this at its default so that TLS is required in every other environment.
    server.AllowInsecureHttp = true;

    // To issue JWT access tokens instead of the default format, assign AccessTokenHandler:
    //
    // server.AccessTokenHandler = new JwtSecurityTokenHandler
    // {
    //     InboundClaimTypeMap = new Dictionary<string, string>(),
    //     OutboundClaimTypeMap = new Dictionary<string, string>()
    // };
    //
    // JWT access tokens need a signing key. An ephemeral key is thrown away when the process
    // exits, which invalidates every token it signed, so it suits development only:
    //
    // server.SigningCredentials.AddEphemeralKey();
    //
    // In production, prefer an X.509 certificate from the machine store. The sample points to
    // Pluralsight's self-cert utility for generating one:
    // https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip
    // NOTE(review): a certificate created with tooling you already trust (for example
    // PowerShell's New-SelfSignedCertificate) avoids running an unverified download.
    //
    // server.SigningCredentials.AddCertificate("7D2A741FE34CC2C7369237A5F2078988E17A6A75");
    //
    // The certificate can also ship as an embedded .pfx resource or as a file next to the
    // application. NOTE(review): read the .pfx password from configuration or a secret store
    // rather than writing it into source as the sample does:
    //
    // server.SigningCredentials.AddCertificate(
    //     assembly: typeof(Startup).GetTypeInfo().Assembly,
    //     resource: "Mvc.Server.Certificate.pfx",
    //     password: "Owin.Security.OpenIdConnect.Server");
});

services.AddScoped<AuthorizationProvider>();

Затем внутри вашего метода Configure:

// Adds the authentication middleware. In ASP.NET Core 2.0 the handlers are configured in
// ConfigureServices. Call this before UseMvc so the caller's identity is set when actions run.
app.UseAuthentication();

где app — это IApplicationBuilder.

Смотри сюда

 /// <summary>
 /// Registers the in-memory EF Core context, cookie, Google, Twitter and OAuth validation
 /// authentication handlers, the OpenID Connect server, MVC and the distributed memory cache.
 /// </summary>
 /// <param name="services">Collection that receives the service registrations.</param>
 public void ConfigureServices(IServiceCollection services)
    {
        var entityFramework = services.AddEntityFrameworkInMemoryDatabase();
        entityFramework.AddDbContext<ApplicationContext>(db =>
            db.UseInMemoryDatabase(nameof(ApplicationContext)));

        // The "ServerCookie" cookie scheme is the default scheme for the application.
        var authentication = services.AddAuthentication(auth => auth.DefaultScheme = "ServerCookie");

        authentication.AddCookie("ServerCookie", cookie =>
        {
            cookie.Cookie.Name = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie";
            cookie.ExpireTimeSpan = TimeSpan.FromMinutes(5);
            cookie.LoginPath = new PathString("/signin");
            cookie.LogoutPath = new PathString("/signout");
        });

        // NOTE(review): the Google and Twitter secrets below are written into source. A secret
        // that has been published this way should be treated as exposed: register your own
        // application with each provider and load the values from configuration or a secret store.
        authentication.AddGoogle(google =>
        {
            google.ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com";
            google.ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f";
        });

        authentication.AddTwitter(twitter =>
        {
            twitter.ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g";
            twitter.ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI";
        });

        // Validates the access tokens presented to the API.
        authentication.AddOAuthValidation();

        authentication.AddOpenIdConnectServer(server =>
        {
            // The provider is resolved from the container, hence the AddScoped registration below.
            server.ProviderType = typeof(AuthorizationProvider);

            // Authorization, logout, token and userinfo endpoints.
            server.AuthorizationEndpointPath = "/connect/authorize";
            server.LogoutEndpointPath = "/connect/logout";
            server.TokenEndpointPath = "/connect/token";
            server.UserinfoEndpointPath = "/connect/userinfo";

            // See AuthorizationController.cs in the sample for what ApplicationCanDisplayErrors implies.
            server.ApplicationCanDisplayErrors = true;

            // NOTE(review): accepts authorization and token requests over plain HTTP. Development
            // only; leave this at its default so that TLS is required in every other environment.
            server.AllowInsecureHttp = true;

            // To issue JWT access tokens instead of the default format, assign AccessTokenHandler:
            //
            // server.AccessTokenHandler = new JwtSecurityTokenHandler
            // {
            //     InboundClaimTypeMap = new Dictionary<string, string>(),
            //     OutboundClaimTypeMap = new Dictionary<string, string>()
            // };
            //
            // JWT access tokens need a signing key. An ephemeral key is thrown away when the
            // process exits, which invalidates every token it signed, so it suits development only:
            //
            // server.SigningCredentials.AddEphemeralKey();
            //
            // In production, prefer an X.509 certificate from the machine store. The sample points
            // to Pluralsight's self-cert utility for generating one:
            // https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip
            // NOTE(review): a certificate created with tooling you already trust (for example
            // PowerShell's New-SelfSignedCertificate) avoids running an unverified download.
            //
            // server.SigningCredentials.AddCertificate("7D2A741FE34CC2C7369237A5F2078988E17A6A75");
            //
            // The certificate can also ship as an embedded .pfx resource or as a file next to the
            // application. NOTE(review): read the .pfx password from configuration or a secret
            // store rather than writing it into source as the sample does:
            //
            // server.SigningCredentials.AddCertificate(
            //     assembly: typeof(Startup).GetTypeInfo().Assembly,
            //     resource: "Mvc.Server.Certificate.pfx",
            //     password: "Owin.Security.OpenIdConnect.Server");
        });

        services.AddScoped<AuthorizationProvider>();

        services.AddMvc();

        services.AddDistributedMemoryCache();
    }

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/blob/dev/samples/Mvc/Mvc.Server/Startup.cs#L29

ASP.NET Core 2.0 имеет новую модель для аутентификации и идентификации, которая упрощает настройку с помощью служб, а ниже приводится руководство по миграции.

Миграция аутентификации и идентификации в ASP.NET Core 2.0

В методе Configure замените это

// ASP.NET Core 1.x middleware-style registration that this answer replaces.
app.UseOpenIdConnectServer(server =>
{
    // NOTE(review): permits token requests over plain HTTP; acceptable for local development only.
    server.AllowInsecureHttp = true;
    server.Provider = new AuthorizationProvider();
});

на это

// Single middleware call that replaces the per-handler Use* calls of ASP.NET Core 1.x.
// Keep it ahead of UseMvc so the caller's identity is set before actions run.
app.UseAuthentication();

и в ConfigureServices добавьте приведенный ниже код

// NOTE(review): AddOpenIdConnect registers the OpenID Connect client (relying-party) handler,
// which signs users in against an external authority. It does not host a token endpoint and
// does not accept a custom server provider such as AuthorizationProvider.
var authentication = services.AddAuthentication(auth =>
{
    // Cookies carry the local session; unauthenticated requests are challenged through OIDC.
    auth.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
});

authentication.AddCookie();

authentication.AddOpenIdConnect(oidc =>
{
    // Both values come from configuration. The authority should be an HTTPS URL; the handler's
    // RequireHttpsMetadata option enforces that by default.
    oidc.Authority = Configuration["auth:oidc:authority"];
    oidc.ClientId = Configuration["auth:oidc:clientid"];
});